[14148] in bugtraq
Foundry Networks ServerIron sequence predictability fix soon to
daemon@ATHENA.MIT.EDU (Andrew van der Stock)
Thu Mar 2 15:58:58 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <EMEOLGIJGHCAFMLLBDKJCECLCKAA.a.vanderstock@e-secure.com.au>
Date: Thu, 2 Mar 2000 15:35:06 +1100
Reply-To: a.vanderstock@e-secure.com.au
From: Andrew van der Stock <a.vanderstock@E-SECURE.COM.AU>
X-To: BUGTRAQ <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Foundry have responded to the advisory quickly, and will be releasing
patched firmware soon (as in the next few hours, and probably by the time
you read this - I already have it). Stable firmware will be available via
the Foundry support web site in less than two weeks.
See http://www.foundrynet.com/bugTraq.html for the latest news on this
issue. This page also points out some reasonable steps you can take to
reduce the risk of remote management whilst using your Foundry devices.
For those Foundry owners who are interested, native ssh access to the
Foundry switches is apparently available as an add-on product. As many of
you know, ssh reduces the risk of remote management by not using clear text
for important secrets such as passwords and configuration details. I
recommend all Foundry owners to contact their vendor or use their support
details to obtain this important add-on.
I wish to thank Chandra Kopparapu, Foundry's Product Marketing Manager for
layer 4-7 switches for his prompt response to this issue.
Andrew van der Stock, Security Architect e-Secure Pty Ltd
"Secure in a Networked World" Phone: 02 9438 4984 Fax: 02 9438
4986
Suite 201, 2-4 Pacific Hwy, Mobile: 0412 532 963
St. Leonards NSW 2065 Australia http://www.e-Secure.com.au/
ACN 086 248 419
e-mail:A.vanderStock@e-Secure.com.au
